5585ee10b43277b9469f5a2f1146ed53_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5585ee10b43277b9469f5a2f1146ed53_JaffaCakes118
Size

53KB
MD5

5585ee10b43277b9469f5a2f1146ed53
SHA1

9a879f02d952d2d9aef197241178e8a9b0942cee
SHA256

a41c006694e8afe4d5133668a04335d4f0779f6ecdaaedd38d32d788d381d4ee
SHA512

17c256afc7d913b40baec952b4a0c8c8a044bda8a3d4cd6344f89446c807c34ed420e5f9c3247908e3915324f67843f440e9f7ecb167e1b3052636bba3c945ff
SSDEEP

1536:TnvDeTjFMspNbjTN9gt9oAB976vQRlaH/fv:7vDYN0F/0QRk/n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5585ee10b43277b9469f5a2f1146ed53_JaffaCakes118

Files

5585ee10b43277b9469f5a2f1146ed53_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cbf47572e8cb446c01bd5522c7d7f827

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

t:\excel\x86\ship\0\excel.pdb

Imports

kernel32

ExitProcess
FormatMessageA
GetLastError
SetLastError
VirtualAlloc
CloseHandle
MapViewOfFile
CreateFileMappingA
VirtualFree
GetProcAddress
VirtualProtect
LoadLibraryA
GetModuleHandleA
GetModuleFileNameW
UnmapViewOfFile
lstrcpynW
GetFullPathNameW
SetEnvironmentVariableW
HeapAlloc
GetProcessHeap
GetFileSize
ReadFile
SetFilePointer
CreateFileW
WideCharToMultiByte
GetEnvironmentVariableW
GetVersion

user32

MessageBoxA

Exports

Exports

DllGetLCID
MdCallBack
MdCallBack12
_LPenHelper

Sections

.text
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.res
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 156B - Virtual size: 17.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE